> There might be a couple of alternate solutions coming to mind:
> 1. move all internet Routes to the CE1 table and use static routes to point
> back at the VRF with next-table from inet.0 which will not really scale
> beyond a single l3vpn.
> 2. use a separate VRF for the internet routes and use auto-export,
> rib-groups, vrf-import/export policy to move routes around. This would need a
> rework of our network and is not really feasible right now.

If point 2 is not feasible, then you can do the below.

Since you have already put a static route from the VRF pointing to inet.0 for the traffic going to the internet, you now need to work on the reverse traffic from the internet to CE1 or CE2. As you have mentioned that they use public IPs, in that case you can put all VPN routes (from CE1 and CE2) or aggregate routes into inet.0 using rib-groups to attract reverse traffic from the internet.

Bikram
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp